aboutsummaryrefslogtreecommitdiff
path: root/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler
diff options
context:
space:
mode:
Diffstat (limited to 'modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler')
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java8
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java83
2 files changed, 67 insertions, 24 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
index 5c2c43ea..fa26e48f 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
@@ -26,7 +26,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processCountryCode;
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processDateOfBirthToString;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
@@ -38,7 +37,6 @@ import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
-import org.joda.time.DateTime;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.lang.NonNull;
@@ -98,7 +96,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
.pseudonym(processPseudonym(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER)))
.familyName(processFamilyName(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME)))
.givenName(processGivenName(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME)))
- .dateOfBirth(processDateOfBirthToString(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_DATEOFBIRTH)))
+ .dateOfBirth(processDateOfBirth(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_DATEOFBIRTH)))
// additional attributes
.placeOfBirth(processPlaceOfBirth(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PLACEOFBIRTH)))
@@ -174,9 +172,9 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
* @throws EidasAttributeException if NO attribute is available
* @throws EidPostProcessingException if post-processing fails
*/
- protected DateTime processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException,
+ protected String processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException,
EidasAttributeException {
- return EidasResponseUtils.processDateOfBirth(dateOfBirthObj);
+ return EidasResponseUtils.processDateOfBirthToString(dateOfBirthObj);
}
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java
index 6be0a26b..1656ec40 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java
@@ -1,12 +1,21 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Date;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
+import at.asitplus.eidas.specific.core.config.IEidasSpConfiguration;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
@@ -15,8 +24,8 @@ import lombok.Setter;
import lombok.extern.slf4j.Slf4j;
/**
- * Ulraine specific eIDAS AuthnRequest generation.
- *
+ * Ulraine specific eIDAS AuthnRequest generation.
+ *
* @author tlenz
*
*/
@@ -24,45 +33,81 @@ import lombok.extern.slf4j.Slf4j;
public class UaEidProcessor extends AbstractEidProcessor {
private static final String CONFIG_PROP_UA_SPECIFIC_LOA = "auth.eIDAS.node_v2.loa.ua.requested";
-
+ private static final String CONFIG_PROP_UA_WORKAROUND_DATEOFBIRTH =
+ "auth.eIDAS.node_v2.workaround.ua.dateofbirth";
+ private static final String STATIC_DATE_OF_BIRTH = "2000-05-29";
+
private static final String canHandleCC = "UA";
- @Autowired IConfiguration config;
-
+ @Autowired
+ IConfiguration config;
+
@Getter
@Setter
private int priority = 1;
-
+
@Override
public String getName() {
return "UA-PostProcessor";
-
+
}
@Override
public boolean canHandle(String countryCode) {
return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC);
-
+
}
-
+
@Override
protected Map<String, Boolean> getCountrySpecificRequestedAttributes() {
return new HashMap<>();
-
+
}
-
- protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {
-
- // allow override of LoA, because UA maybe only support not-notified LoA levels
- String uaSpecificLoA = config.getBasicConfiguration(CONFIG_PROP_UA_SPECIFIC_LOA);
+
+ @Override
+ protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {
+ // allow override of LoA, because UA maybe only support not-notified LoA levels
+ final String uaSpecificLoA = config.getBasicConfiguration(CONFIG_PROP_UA_SPECIFIC_LOA);
if (StringUtils.isNotEmpty(uaSpecificLoA)) {
authnRequestBuilder.levelsOfAssuranceValues(Arrays.asList(uaSpecificLoA));
- log.info("Set UA specific LoA level to: {}", uaSpecificLoA);
-
+
+ // set non-notified LoA as allowed LoA
+ final List<String> allowedLoa = new ArrayList<>();
+ allowedLoa.addAll(spConfig.getRequiredLoA());
+ allowedLoa.add(uaSpecificLoA);
+ ((IEidasSpConfiguration) spConfig).setRequiredLoA(allowedLoa);
+ ((IEidasSpConfiguration) spConfig).setLoAMachtingMode(EaafConstants.EIDAS_LOA_MATCHING_EXACT);
+ log.info("Set UA specific LoA level to: {} with matching-mode: {}",
+ StringUtils.join(allowedLoa, "|"), EaafConstants.EIDAS_LOA_MATCHING_EXACT);
+
} else {
super.buildLevelOfAssurance(spConfig, authnRequestBuilder);
-
+
}
}
-
+
+ @Override
+ protected String processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException,
+ EidasAttributeException {
+ final String dateOfBirth = super.processDateOfBirth(dateOfBirthObj);
+
+ try {
+ final Date dateElement = new SimpleDateFormat("yyyy-MM-dd").parse(dateOfBirth);
+ if (basicConfig.getBasicConfigurationBoolean(CONFIG_PROP_UA_WORKAROUND_DATEOFBIRTH, false)
+ && dateElement.after(new Date())) {
+ log.warn("DateOfBirth: {} is in the future. Use static DateOfBirth as backup", dateOfBirth);
+ return STATIC_DATE_OF_BIRTH;
+
+ } else {
+ return dateOfBirth;
+
+ }
+
+ } catch (final ParseException e) {
+ log.warn("Can not parse dateOfBirth", e);
+ return dateOfBirth;
+
+ }
+ }
+
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-02 03:42:52 +0000